IoT: Ensuring Security Is In Place

As we start 2015, the forecasts and market projections for IoT are already increasing by multiple billions of devices it appears, almost on a daily basis. The industry is ramping up, and with an already initial foundation of a few billion smartphones, tablets, and laptops in the market, the next several billion IoT devices will have an installed base to communicate and interact with.

One of the critical concerns as the industry designs and deploys the IoT is to ensure security is in place to protect both the data and devices. Everything may be connected to the cloud, but we need controlled security that the end users can trust and control.

A new report from Parks Associates shows that at the end of 2014, 79% of US households will have broadband access and 80% of these homes will have an operating home network. So clearly the IoT devices of tomorrow can already connect to the existing network infrastructure we have in place today. But with this easy and readily available Internet connection comes all the associated risks and concerns on security for device access and data protection. With all these devices in active communication, the scale and size of the potential risk is perhaps as large as the billions of units forecast by the market projections.

In sensor hubs and home gateways, security must be implemented at a variety of levels – for owners, children, guests, etc. It's important to also control rights and privileges as services are delegated to new applications and devices. We believe that a security solution built on hardware virtualization is critical for the variety and number of security levels required. And within that that implementation, it's important to have multiple secure domains that enable devices to keep content, personal data, and other services each independent and secure from each other.

As we rely more and more on these devices, we need to have assurance that the underlying foundation of security and privacy are both managed and controlled. The standards for device security may not be a label on the box, but could well become the most important feature, after all it will be our stuff inside and we want to be sure in knowing why, when, and how it's used. The implications for the devices and applications will be far reaching. If the device is developed and deployed with a set of use case expectations and then other apps expand and enhance this experience, the end users will still want to have a system of trust that gives overall control and protection.

The ease of use and implementation of the security features will also need to be configured and managed in a very easy to use manner. Granting access and privileges for devices and future applications must maintain associations with the original expectations of the user. Allowing guest devices and visitors to use some resources and facilities will need to be both easy and with obvious context control to avoid unintended risks. After all, it not just my private data, the service providers are investing and subsidizing these IoT devices with new business models and use cases. The integrity of the data and system should be fundamental to all involved with planning IoT systems. The ultimate goal should be that all of the billions of devices can communicate in the cloud in a safe and controlled manner.